4.2. Matching Rule Definitions (H-Z)

4.2.17. generalizedTimeOrderingMatch

The generalizedTimeOrderingMatch rule compares the time ordering of an assertion value of the Generalized Time syntax to an attribute value of a syntax (e.g., the Generalized Time syntax) whose corresponding ASN.1 type is GeneralizedTime.

The rule evaluates to TRUE if and only if the attribute value represents a universal coordinated time that is earlier than the universal coordinated time represented by the assertion value.

The LDAP definition for the generalizedTimeOrderingMatch rule is:

( 2.5.13.28 NAME 'generalizedTimeOrderingMatch'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )

The generalizedTimeOrderingMatch rule is an ordering matching rule.

4.2.18. integerFirstComponentMatch

The integerFirstComponentMatch rule compares an assertion value of the Integer syntax to an attribute value of a syntax (e.g., the DIT Structure Rule Description syntax) whose corresponding ASN.1 type is a SEQUENCE with a mandatory first component of the INTEGER ASN.1 type.

Note that the assertion syntax of this matching rule differs from the attribute syntax of attributes for which this is the equality matching rule.

The rule evaluates to TRUE if and only if the assertion value and the first component of the attribute value are the same integer value.

The LDAP definition for the integerFirstComponentMatch matching rule is:

( 2.5.13.29 NAME 'integerFirstComponentMatch'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

The integerFirstComponentMatch rule is an equality matching rule. When using integerFirstComponentMatch to compare two attribute values (of an applicable syntax), an assertion value must first be derived from one of the attribute values. An assertion value can be derived from an attribute value by taking the first component of that attribute value.

4.2.19. integerMatch

The integerMatch rule compares an assertion value of the Integer syntax to an attribute value of a syntax (e.g., the Integer syntax) whose corresponding ASN.1 type is INTEGER.

The rule evaluates to TRUE if and only if the attribute value and the assertion value are the same integer value.

The LDAP definition for the integerMatch matching rule is:

( 2.5.13.14 NAME 'integerMatch'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

The integerMatch rule is an equality matching rule.

4.2.20. integerOrderingMatch

The integerOrderingMatch rule compares an assertion value of the Integer syntax to an attribute value of a syntax (e.g., the Integer syntax) whose corresponding ASN.1 type is INTEGER.

The rule evaluates to TRUE if and only if the integer value of the attribute value is less than the integer value of the assertion value.

The LDAP definition for the integerOrderingMatch matching rule is:

( 2.5.13.15 NAME 'integerOrderingMatch'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

The integerOrderingMatch rule is an ordering matching rule.

4.2.21. keywordMatch

The keywordMatch rule compares an assertion value of the Directory String syntax to an attribute value of a syntax (e.g., the Directory String syntax) whose corresponding ASN.1 type is DirectoryString.

The rule evaluates to TRUE if and only if the assertion value character string matches any keyword in the attribute value. The identification of keywords in the attribute value and the exactness of the match are both implementation specific.

The LDAP definition for the keywordMatch rule is:

( 2.5.13.33 NAME 'keywordMatch'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

4.2.22. numericStringMatch

The numericStringMatch rule compares an assertion value of the Numeric String syntax to an attribute value of a syntax (e.g., the Numeric String syntax) whose corresponding ASN.1 type is NumericString.

The rule evaluates to TRUE if and only if the prepared attribute value character string and the prepared assertion value character string have the same number of characters and corresponding characters have the same code point.

In preparing the attribute value and assertion value for comparison, characters are not case folded in the Map preparation step, and only numericString Insignificant Character Handling is applied in the Insignificant Character Handling step.

The LDAP definition for the numericStringMatch matching rule is:

( 2.5.13.8 NAME 'numericStringMatch'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )

The numericStringMatch rule is an equality matching rule.

4.2.23. numericStringOrderingMatch

The numericStringOrderingMatch rule compares an assertion value of the Numeric String syntax to an attribute value of a syntax (e.g., the Numeric String syntax) whose corresponding ASN.1 type is NumericString.

The rule evaluates to TRUE if and only if, in the code point collation order, the prepared attribute value character string appears earlier than the prepared assertion value character string; i.e., the attribute value is "less than" the assertion value.

The rule is identical to the caseIgnoreOrderingMatch rule except that all space characters are skipped during comparison (case is irrelevant as the characters are numeric).

The LDAP definition for the numericStringOrderingMatch matching rule is:

( 2.5.13.9 NAME 'numericStringOrderingMatch'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )

The numericStringOrderingMatch rule is an ordering matching rule.

4.2.24. numericStringSubstringsMatch

The numericStringSubstringsMatch rule compares an assertion value of the Substring Assertion syntax to an attribute value of a syntax (e.g., the Numeric String syntax) whose corresponding ASN.1 type is NumericString.

The rule evaluates to TRUE if and only if (1) the prepared substrings of the assertion value match disjoint portions of the prepared attribute value character string in the order of the substrings in the assertion value, (2) an <initial> substring, if present, matches the beginning of the prepared attribute value character string, and (3) a <final> substring, if present, matches the end of the prepared attribute value character string. A prepared substring matches a portion of the prepared attribute value character string if corresponding characters have the same code point.

The LDAP definition for the numericStringSubstringsMatch matching rule is:

( 2.5.13.10 NAME 'numericStringSubstringsMatch'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )

The numericStringSubstringsMatch rule is a substrings matching rule.

4.2.25. objectIdentifierFirstComponentMatch

The objectIdentifierFirstComponentMatch rule compares an assertion value of the OID syntax to an attribute value of a syntax (e.g., the Attribute Type Description, DIT Content Rule Description, LDAP Syntax Description, Matching Rule Description, Matching Rule Use Description, Name Form Description, or Object Class Description syntax) whose corresponding ASN.1 type is a SEQUENCE with a mandatory first component of the OBJECT IDENTIFIER ASN.1 type.

Note that the assertion syntax of this matching rule differs from the attribute syntax of attributes for which this is the equality matching rule.

The rule evaluates to TRUE if and only if the assertion value matches the first component of the attribute value using the rules of objectIdentifierMatch.

The LDAP definition for the objectIdentifierFirstComponentMatch matching rule is:

( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

The objectIdentifierFirstComponentMatch rule is an equality matching rule. When using objectIdentifierFirstComponentMatch to compare two attribute values (of an applicable syntax), an assertion value must first be derived from one of the attribute values. An assertion value can be derived from an attribute value by taking the first component of that attribute value.

4.2.26. objectIdentifierMatch

The objectIdentifierMatch rule compares an assertion value of the OID syntax to an attribute value of a syntax (e.g., the OID syntax) whose corresponding ASN.1 type is OBJECT IDENTIFIER.

The rule evaluates to TRUE if and only if the assertion value and the attribute value represent the same object identifier; that is, the same sequence of integers, whether represented explicitly in the <numericoid> form of <oid> or implicitly in the <descr> form (see [RFC4512]).

If an LDAP client supplies an assertion value in the <descr> form and the chosen descriptor is not recognized by the server, then the objectIdentifierMatch rule evaluates to Undefined.

The LDAP definition for the objectIdentifierMatch matching rule is:

( 2.5.13.0 NAME 'objectIdentifierMatch'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

The objectIdentifierMatch rule is an equality matching rule.

4.2.27. octetStringMatch

The octetStringMatch rule compares an assertion value of the Octet String syntax to an attribute value of a syntax (e.g., the Octet String or JPEG syntax) whose corresponding ASN.1 type is the OCTET STRING ASN.1 type.

The rule evaluates to TRUE if and only if the attribute value and the assertion value are the same length and corresponding octets (by position) are the same.

The LDAP definition for the octetStringMatch matching rule is:

( 2.5.13.17 NAME 'octetStringMatch'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

The octetStringMatch rule is an equality matching rule.

4.2.28. octetStringOrderingMatch

The octetStringOrderingMatch rule compares an assertion value of the Octet String syntax to an attribute value of a syntax (e.g., the Octet String or JPEG syntax) whose corresponding ASN.1 type is the OCTET STRING ASN.1 type.

The rule evaluates to TRUE if and only if the attribute value appears earlier in the collation order than the assertion value. The rule compares octet strings from the first octet to the last octet, and from the most significant bit to the least significant bit within the octet. The first occurrence of a different bit determines the ordering of the strings. A zero bit precedes a one bit. If the strings contain different numbers of octets but the longer string is identical to the shorter string up to the length of the shorter string, then the shorter string precedes the longer string.

The LDAP definition for the octetStringOrderingMatch matching rule is:

( 2.5.13.18 NAME 'octetStringOrderingMatch'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

The octetStringOrderingMatch rule is an ordering matching rule.

4.2.29. telephoneNumberMatch

The telephoneNumberMatch rule compares an assertion value of the Telephone Number syntax to an attribute value of a syntax (e.g., the Telephone Number syntax) whose corresponding ASN.1 type is a PrintableString representing a telephone number.

In preparing the attribute value and assertion value for comparison, characters are case folded in the Map preparation step, and only telephoneNumber Insignificant Character Handling is applied in the Insignificant Character Handling step.

The LDAP definition for the telephoneNumberMatch matching rule is:

( 2.5.13.20 NAME 'telephoneNumberMatch'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )

The telephoneNumberMatch rule is an equality matching rule.

4.2.30. telephoneNumberSubstringsMatch

The telephoneNumberSubstringsMatch rule compares an assertion value of the Substring Assertion syntax to an attribute value of a syntax (e.g., the Telephone Number syntax) whose corresponding ASN.1 type is a PrintableString representing a telephone number.

In preparing the attribute value and assertion value substrings for comparison, characters are case folded in the Map preparation step, and only telephoneNumber Insignificant Character Handling is applied in the Insignificant Character Handling step.

The LDAP definition for the telephoneNumberSubstringsMatch matching rule is:

( 2.5.13.21 NAME 'telephoneNumberSubstringsMatch'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )

The telephoneNumberSubstringsMatch rule is a substrings matching rule.

4.2.31. uniqueMemberMatch

The uniqueMemberMatch rule compares an assertion value of the Name And Optional UID syntax to an attribute value of a syntax (e.g., the Name And Optional UID syntax) whose corresponding ASN.1 type is NameAndOptionalUID.

The rule evaluates to TRUE if and only if the <distinguishedName> components of the assertion value and attribute value match according to the distinguishedNameMatch rule and either, (1) the <BitString> component is absent from both the attribute value and assertion value, or (2) the <BitString> component is present in both the attribute value and the assertion value and the <BitString> component of the assertion value matches the <BitString> component of the attribute value according to the bitStringMatch rule.

Note that this matching rule has been altered from its description in X.520 [X.520] in order to make the matching rule commutative. Server implementors should consider using the original X.520 semantics (where the matching was less exact) for approximate matching of attributes with uniqueMemberMatch as the equality matching rule.

The LDAP definition for the uniqueMemberMatch matching rule is:

( 2.5.13.23 NAME 'uniqueMemberMatch'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )

The uniqueMemberMatch rule is an equality matching rule.

4.2.32. wordMatch

The wordMatch rule compares an assertion value of the Directory String syntax to an attribute value of a syntax (e.g., the Directory String syntax) whose corresponding ASN.1 type is DirectoryString.

The rule evaluates to TRUE if and only if the assertion value word matches, according to the semantics of caseIgnoreMatch, any word in the attribute value. The precise definition of a word is implementation specific.

The LDAP definition for the wordMatch rule is:

( 2.5.13.32 NAME 'wordMatch'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

4.2.17. generalizedTimeOrderingMatch​

4.2.18. integerFirstComponentMatch​

4.2.19. integerMatch​

4.2.20. integerOrderingMatch​

4.2.21. keywordMatch​

4.2.22. numericStringMatch​

4.2.23. numericStringOrderingMatch​

4.2.24. numericStringSubstringsMatch​

4.2.25. objectIdentifierFirstComponentMatch​

4.2.26. objectIdentifierMatch​

4.2.27. octetStringMatch​

4.2.28. octetStringOrderingMatch​

4.2.29. telephoneNumberMatch​

4.2.30. telephoneNumberSubstringsMatch​

4.2.31. uniqueMemberMatch​

4.2.32. wordMatch​